Lucene search
IgniterealtimeOpenfire
3 matches found
CVE-2019-18394
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
9.8CVSS8.5AI score0.94046EPSS
CVE-2019-18393
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
5.3CVSS5.5AI score0.82213EPSS
CVE-2019-15488
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.
6.1CVSS5.9AI score0.0024EPSS